Information System (e-Government) Implementation·Operation Guideline
By NIA/MoSPA Korea
Table of Contents
1. A brief Overview
2. Structure of the guideline
3. The Body
  • Chapter 2 Development of Project Plan
  • Chapter 3 Procurement of ICT Project
  • Chapter 4 Selection of Provider and Contract
  • Chapter 5 Project Implementation
  • Chapter 6 Software Secure Coding
  • Chapter 7 Audit and Operation
Overview
• History
  • Establishment ('11.9.5)
    • Improvement of procurement and contract system
    • Reflection of the change of other related laws and orders
    • Change of about 30 kinds of contents applicable to all stages of ICT project (plan, procurement, contract, implementation etc.)
  • 1st Revision ('12.3.6)
    • To decrease the side effect of preventing big business from participating in IT projects
    • To make an environment friendly to good small and medium businesses
  • 2nd Revision ('12.6.27)
    • To enhance SW secure coding
[Figure: Legal structure. Law: E-Gov Act (Parliament). Decree: E-gov Decree (President). Order: Guideline for building & operation of IS (Minister). Manuals: Manual for writing RFP, Manual for Ensuring Security, Manual for Interoperability. Training: Development of Textbook, Training of government officials.]
Chap. 2. Development of Project Plan
• Standard of HW and SW Acquisition (Sec.6)
  • Refer to "Guide to HW Capacity Estimation" for HW acquisition
  • Check the availability of existing commercial SW products before SW development
  • Obligation to use existing commercial SW products
    • Exception) extraordinarily high expenses, difficulty in fulfilling the required functions and maintenance etc.
  • Modify the technology evaluation plan to reflect this requirement
  • Priority to the products developed by small & medium business
Chap. 2. Development of Project Plan
• Ref) Technology Application plan/result and Technology evaluation
[Figure: Procedure: Business Plan (Sec.7) → RFP (Sec.16) → Proposal → Implementation (Sec.43) → Auditing (Sec.50) → Operation (Sec.52). Documents: Technology Evaluation, Technology Application Plan, Technology Application Result. Person in charge: Owner, Operator, Auditor, Owner.]
Chap.2. Development of Project Plan • Exam.) Technology application plan/result (attached form)
Chap.2. Development of Project Plan • Exam.) Technology evaluation (attached form)
Chap. 2. Development of Project Plan
• Technology Application Planning and Technology Evaluation of Interoperability (Sec.7)
  • Perform the technology evaluation prior to the final Business Plan
  • Big projects and national-security-related projects need a special evaluation of technology application in the planning stage
  • Reflect the result of the evaluation in the Business Plan and RFP
  • Make the Technology Application Plan when owners make the Business Plan and RFP
  • Bidding participants must submit the Technology Application Plan when submitting a proposal, and it should be re-submitted when implementing the project
Chap. 2. Development of Project Plan
• Security Review and Management (Sec.8)
  • When building or modifying an information system, request a security review by NIS (National Intelligence Service) according to "Guide to National Information Security"
  • Develop security countermeasures applicable in the process of procurement, management, and operation of ICT projects etc.
  • Develop countermeasures for protecting personal information
  • Devise SW vulnerability countermeasures and have the business operator comply with them
• Budget and Estimation (Sec.9)
  • Refer to "Guide to Estimation of SW business expense"
  • Acquisition expense of HW and commercial SW
    1. the price which is registered at the public procurement service
    2. the newest purchase price
    3. the lowest price among 3 estimates
Chap. 2. Development of Project Plan
• The lowest limit of business expenses for which big SW business can participate (Sec.10)
  • State clearly in RFP
  ※ sales of big business more than 800 billion: 8 billion
  ※ sales of big business less than 800 billion: 4 billion
• Separate Order of SW (Sec.11)
  • Refer to "the objects of Separate Order of SW"
  ※ more than 1 billion of business expense & more than 50 million of SW price
• Compensation of Proposal (Sec.12)
  • Refer to "Operation regulation for compensation of SW proposal"
  ※ compensate for the good proposal with money
Chap. 2. Development of Project Plan
• Audit (Sec.13)
  • Refer to "IT Audit Standard"
  ※ audit scope, procedure and obligation, registration of audit firm, qualification and education of IT auditor etc.
  → Sec.50. Auditing
• Advance Consultation (Sec.14)
  • Refer to "regulation to Advance consultation for e-government business"
  ※ Main purpose is to filter the duplication among systems
Chap. 3. Order
• Requirement Disambiguation of RFP (Sec.15)
  • State the requirements of the RFP clearly through a function list, requirement specification etc.
  • At the time of ISP, make the requirements of the RFP through the business operator of the ISP and apply them to the RFP
  • Refer to "The guide to make requirements of RFP"
  → Sec.16. Making RFP
  → Sec.45. Changing Tasks
  → Sec.46. Procedure of Changing Tasks
  → Sec.47. Payment of Changing Tasks
Chap. 3. Order
• Making RFP (Sec.16)
  • Include the contents below in the RFP
    1. Tasks and requirements
    2. Contract condition
    3. Evaluation item and method
    4. Size of proposal sheet, submission method, bidding type
    5. Compensation of Proposal
    6. Items with which business operators must comply
      a. State the price for a subcontract clearly in the RFP
      b. Propriety of subcontract
      c. Technology Application Plan
      d. SW secure coding compliance
      e. Obligation of proposal presentation by PM
      f. Making and submission of standard documents
Chap. 3. Order
• RFP Security (Sec.17)
  • Consider excluding the following security-sensitive items from the RFP
    1. IP addresses of information systems
    2. system diagrams and current condition of systems, such as vendors, versions etc.
    3. configuration information of systems
    4. access authority such as user ID, password etc.
    5. analysis reports of system vulnerability
    6. current status of information protection products such as firewall, IPS etc. and NW devices such as router, switch etc.
    7. closed objects according to "Public information act"
    8. personal information
    9. confidential items etc.
Chap. 3. Order
• Evaluation Scale (Sec.18)
  • For a negotiated contract, technology : price = 90:10
  • Exception) technology : price = 80:20
    1. HW ratio is more than 50%
    2. business expense is less than 0.1 billion etc.
Chap. 3. Order
• Ref) Subcontracting management
[Figure: Stages: Order, Selection and Contract, Execution. Steps: Request of price for a subcontract (Sec.19) → Review of price for a subcontract (Sec.36) → Approval Application (Sec.37) → Approval (Sec.38) → Management (Sec.40). Other label: Check list. Person in charge: Owner, Operator, Owner.]
Chap. 3. Order
• Price for a subcontract (Sec.19)
  • State direct labor cost, overhead expense, and engineering fee clearly in the RFP
    1. direct labor cost: 100% of unit wages
    2. overhead expense + engineering: more than 20% of direct labor cost
  ※ example
    • The Owner pays for a subcontract directly, or
    • Business operator pays for a subcontract within 15 days
Chap. 3. Order
• Price for a subcontract (Sec.19)
  → Sec.36. Technique and Price Negotiation
  → Sec.37. Approval Application of subcontracting
  → Sec.38. Subcontracting Approval
  → Sec.40. Subcontracting Management
Chap. 3. Order
• Proposal Presentation (Sec.21)
  • The PM must make the presentation in person
• Technical Evaluation Standard (Sec.21)
  • Refer to "SW Technology evaluation standard"
  • Designate at least 6 relative evaluation items for discrimination of technology
  • Enlarge the evaluation ratio for small & medium business consortiums
• Furnishing of Predetermined Price (Sec.22)
  • Determine the predetermined price before proposal submission
  • Seal it and keep it secret
• Predetermined Price Determination Standard (Sec.23)
  • Refer to "National Contract Act" for the determination standard, procedure etc.
Chap. 3. Order
• Advance Publication of RFP (Sec.24)
  • Make public on the National procurement service "ww.g2b.go.kr" and the homepage of each organization for 5 days (3 days in urgent cases)
    1. business name
    2. organization name
    3. budget
    4. expiration date of comment
    5. contact number and name
    6. delivery deadline
    7. RFP etc.
  • Exception of advance publication
    1. in case of no time for competition and special appointment contract
    2. in case of security products
    3. product whose estimated price is less than 0.1 billion
    4. in case of second time of publication of RFP
  → Sec.25. Review on comment of Advance Publication
Chap. 3. Order
• Review on comment of Advance Publication (Sec.25)
  • Review the comment and inform the offerer of the result
  • Reflect accepted comments in the RFP
  • Form a committee for the fair review
Chap. 3. Order
• RFP issue and Reading (Sec.26)
  • Refer to "standard for negotiated contract"
• Bid Announcement Period (Sec.27)
Chap. 3. Order
• Presentation Meeting about RFP (Sec.28)
  • Host a presentation meeting for bidders (option)
  • State date & time, place etc. in the RFP
• Proposal Submission (Sec.29)
  • Bidders submit RFP and a price bid separately
  • Seal the price bid and keep it secret until unsealing a bidding price and Evaluation
  → Sec.35 (unsealing a bidding price and Evaluation)
Chap. 4. Selection and Contract
• Composition of Evaluation Committee (Sec.30)
  • Compose the evaluation committee of experts from public officials, professors, researchers, and industrial experts
  • Appoint public officials as committee members within 50%
• Advance Distribution of Proposal (Sec.31)
  • In case of detailed review, distribute proposals to evaluation committee members in advance
  • Make a security policy to prevent leakage of proposals
Chap. 4. Selection and Contract
• Proposal Evaluation (Sec.32)
  • Evaluate with proposals
  • Check the identity of the presenter
  ※ if the presenter is not the PM, he can't make a presentation
• Review Time of Proposal and Adjustment of Evaluation Score (Sec.33)
  • Set the review time of proposals
    1. Less than 1 billion business: 90 Min.
    2. Less than 2 billion business: 120 Min.
    3. Less than 4 billion business: 150 Min.
    4. more than 1 billion business: 180 Min.
  • Adjust the evaluation score in case of a suspicious situation
Chap. 4. Selection and Contract
• Publication of Technology Evaluation Result (Sec.34)
  • In case of more than 2 billion business, make the evaluation result public
• Unsealing a bidding price and Evaluation (Sec.35)
  • After the technology evaluation, unseal the bidding price and evaluate it without delay
• Technology and Price Negotiation (Sec.36)
  • Refer to "National Contract Act"
  • In case of changing the task, also consider the price for a subcontract
Chap. 5. Execution
• Approval Application of subcontracting (Sec.37)
  • The business operator submits an application to get approval for subcontracting
  • Include the approval application of subcontracting, detailed calculation report, business fulfillment plan of subcontracting (including detailed schedule) etc.
• Subcontracting Approval (Sec.38)
  • Check the price for a subcontract
  • If it is less than the standard of price for a subcontract, refuse it
  • Give clear notice within 14 days; otherwise it is regarded as approved
Chap. 5. Execution
• Launching and Report (Sec.39)
  • The business operator submits a business launching report within 10 days after the contract
  • If supplementation is needed, supplement it within 7 days
  • Request a launching meeting, if needed
• Subcontracting Management (Sec.40)
  • The subcontractor submits a compliance report of subcontracting
  • In case of non-fulfillment, report it to the Fair Trade Commission
Chap. 5. Execution
• Workplace (Sec.41)
  • Decide the workplace with the business operator
  • Prepare a workplace, if the budget doesn't include the expense for a workplace
  • Consider remote-place development, if it is possible
• Human Resource Management (Sec.42)
  • In case of FP, don't use head-counting management
• Compliance of Technology Application Planning (Sec.43)
  • The business operator complies with the Technology Application Plan and submits the result
Chap. 5. Execution
• Standard Documents (Sec.44)
  • Receive standard documents and keep them consistent for use at the time of operation and maintenance
• Changing Tasks (Sec.45)
  • Change the task, if it is necessary
• Procedure of Changing Tasks (Sec.46)
  • Comply with the procedure according to "industrial development act" and "general condition of service contract"
• Payment of Changing Tasks (Sec.47)
  • Adjust the business expense according to "Enforcement decree of national contract act"
Chap. 5. Execution
• Integration Management of Information Resource (Sec.48)
  • Register information resources on the "National EA portal (www.geap.go.kr)"
  • Use the system to manage the status and statistics of information resources
• Auditing (Sec.49)
  • Follow up the action plan for audit according to the audit report
  • Auditors write the compliance result between the Technology Application Plan and the result
Chap. 6. Software Secure Coding
• Principle of SW Secure Coding (Sec.50)
  • Comply with SW secure coding
    • In case of new development: all SW code
    • In case of maintenance: modified SW code
• Activity of SW Secure Coding (Sec.51)
  • At the time of proposal evaluation, evaluate the reasonableness of the tools, procedures, methods etc.
  • Refer to "SW secure coding guide"
  • Developers/programmers are trained in secure coding
Chap. 6. Software Secure Coding
• Diagnosis standard of Security Weakness (Sec.52)
  • Refer to the mandatory diagnosis items
• Diagnosis Procedure of Security Weakness (Sec.53)
  • Diagnose to remove the security weakness
  • Include the diagnosis in the audit check list
  • Use the tool to remove the security weakness
  • Business operators verify that the security weakness has been removed
• Diagnostician (Sec.54)
  • Qualified experts
  • Registered in the Ministry of Security and Public Administration
  • Management of diagnosticians
Chap. 7. Examination and Operation
• Compensation of Deferment (Sec.55)
  • Calculate it according to "general condition of service contract"
• Examination (Sec.56)
  • Examine it according to "general condition of service contract"
  • Check the compliance between the Technology Application Plan and the result
  • Check that the non-conformities in the audit report are corrected
• Private Application of Information Resource (Sec.58)
  • Share information resources with the private sector through the "public data portal (www.data.go.kr)" or your own information system
Chap. 7. Examination and Operation
• Operation and Maintenance (Sec.59)
  • In case of modification of systems, keep the systems and documents consistent
  • Have the business operator make the manual of operation and maintenance
• Attribution of Intellectual Property and Deposit of Technical Data (Sec.60)
  • Refer to "general condition of service contract"
Ref2) Flow of CBD documents
[Figure: flow of documents across the Analysis, Design, Implementation, Test, and Installation/Acceptance stages. Labels recoverable from the figure: Requirement definition, RFP, Proposal, Business fulfillment plan, Meeting result; Definition and analysis of requirement, Use case specification, Entity relationship description; Class design, Component design, User interface design (screen), Database design, Data conversion and initial data design, Architecture design, Interface design, Test plan; Source code, Database table, Database conversion, Unit test case, Unit test result; Integration test scenario, Integration test result, System test scenario, System test result; Training, User manual, Operator manual; System installation result, Acceptance test scenario, Acceptance test result; Requirement trace.]